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1. INTRODUCTION 

In the world of safe technology, the first step in the journey of login system according to identify a 
customer/administrator using a multi-factor authentication scheme that is an umbrella term for checking an 
unauthorized customer or robot based on certain factor/s, such as password, token, biometric. Today, there are 
three traditional classes of multi-factor authentication: something you have (e.g., smart mobile, USB token- 
driver), something you are (e.g., hand geometry, fingerprint), and something you know (e.g., username and 
password). Additionally, somewhere you are or location has been included as an additional factor to detect 
or track the user's location from a tracking device (e.g., global positioning system (GPS), WiFi locator, and 
RFID reader location), although it is not as widely undesirable as in the other traditional three factors [1]. 
Commonly, single-factor authentication (SFA) was most widely used by society due to its easiness and user 
approachability. Seemingly, SFA is the most unsuccessful in resisting malicious attacks like dictionary attacks, 
man-in-the-middle (MITM) attacks, social engineering techniques [2]. As a result, the single factor fails to 
support adequate protection due to a set of security threats [3], [4]. As an obvious step forward, the researchers 
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focused on the combination of the username/password with the second factor like personal identification 
number (PIN) [5] called two-factor authentication (2FA). Here, 2FA adds a shield layer of security to the 
authentication procedure, making it a solider for attackers to access online accounts. Even if the victim's 
password is a breakthrough, a password alone is not enough to pass the authentication check in 2FA. 

Additionally, the role of this process is to control access to the systems and data. Online service 
providers prefer to use 2FA to preserve the security of their users' credentials against being used by adversaries 
who are increasingly using 2FA to protect their users' credentials from being used by hackers who plunder a 
password database to gain user passwords. Authentication occurs once the user logs in to the system, 
determining his authorization level. A user's authorization may specify what resources they have access to and 
the tasks they may do. RBAC decides whether or not to provide access based on the traits and resources of the 
requesting party. It means that the user's access rights will vary depending on their position in the organization. 
An administrator establishes the criteria for each position’s access and who gets to have that access. 
Additionally, RBAC can control users' privileges and distribute their authority according to the work 
methodology of the proposed system. Users can hence be made members of a certain role depending on their 
responsibilities or corporate position and can be later be reassigned to another role without impacting the 
underlying access control infrastructure. 

This work contributes by proposing a good security scheme that stresses the usability of integrating 
authentication factors in a healthcare system and access control. The proposed scheme aims to distribute the 
policies and privileges among the system's components: administrator and users; the user has the right to enjoy 
all or some of the main system operations adding, deleting, and modifying according to the permission given 
to him by the administrator. In our solution, we depend on formal (Scyther tool) and informal security analyses 
to prove the immunity of the proposal work towards well-known attacks like Insider attacks, reply attacks, 
MITM attacks, impersonate attacks; the proposed scheme has powerful features such as anomaly, perfect 
forward secrecy, unlinkability. Additionally, users' privacy relies on the healthcare center responsible for 
generating secret keys of the administrator and users. 

The rest of the paper is structured as follows: section 2 discusses the latest related work. Section 3 
presents the proposed healthcare authentication schemes followed by its security analysis in section 4. Finally, 
section 5 concludes this paper. 


2. RELATED WORK 

Multi-factor authentication is one of the most schemes of security's world that applies in many systems, 
which depend on two or more factors, attempts to improve information security, preserving privacy, and trust 
management in sophisticated contexts like the internet of things and smart devices [1]. Significantly, users need 
simple user-friendly authentication procedures in smart hyper-connected devices and wearable devices. 
Consequently, several challenges face the developers of smart systems such as smart login, secure exchange 
information, and attributes-based user's authentication [3]. The privacy of user information wishing to register in 
a sensitive system (e.g., E-bank and E-healthcare) must be protected against opponents [1], [6], [7]. 

According to research, multi-factor authentication is more extensively utilized in mobile 
environments and E-healthcare. The one-time password (OTP) and security token are frequently recommended 
in the financial transaction attendance system [8]. Numerous research papers have attempted to offer strong 
multi-factor authentication schemes such as face recognition and unique hardware identification used in city 
and community street monitoring [9]. These schemes focused on feeding the people with prior information. 
Then they use the same information to answer some questions used as something you know to factor in the 
login system [10]. In the ATM card field, some schemes embedded chip and iris recognition [11] have been 
offered as a realistic way to authenticate ATM customers [12]. 

In recent research articles, we have seen the need for multi-factor authentication, which should be 
required to avoid impersonation attributes. Traditional factors such as something you have, 
something you know, and something you are used in the three-factor technique. It has been suggested that 
something you have is automatic for mobile users because it is always with the user's smartphone [13]. Some 
authors use a dynamically near-field communication (NFC) code as an additional factor in their scheme to 
increase security [14]. Symmetric keys can be used with other components such as passwords and biometric 
data [15]. All three factors can be successfully combined, taking into account addressing the balance between 
complexity and performance must be addressed [11]. In addition to the three traditional features. The fourth 
factor is where you are or your location [16]. Low-cost locators like Bluetooth and GPS can be used to track 
or locate a person while authenticating to the system [17]. 

The more factors are added, the more confident a system is; nonetheless, usability must be considered. 
People use these systems frequently and cannot devote the time and effort required to log on or do any difficult 
authentication step many times per day [18]. SELAMAT, a robust multi-factor authentication scheme, works easy 
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to assist users in accessing cross-platform systems in different geographical areas [19]. Similarly, using a third- 
party authentication tool like Google Authenticator to generate PIN code and OTP can save consumers time and 
effort, supporting a single sign-on (SSO) experience [18]. Users do not need to memorize a password or token in 
a security system focused on usability and deploy ability; instead of restoring passwords, scan a dynamically 
generated quick response code with their smartphone (QR code) [20]. Unlike traditional multi-factor 
authentication, which requires users to use specific factors without allowing them to choose which ones they 
prefer, (t, n) threshold authentication allows users to choose which authentication factors they want to use [21]. 

Several multi-factor authentication techniques have been introduced so far. However, the practical 
deployment observes to be limited since they require too much work from the user and do not provide the 
security level expected [22]. Also, since it requires a high level of user proficiency and may not have 
authentication devices everywhere, adopting some hostile, high-tech aspects may deter users from acquiring 
and implementing these systems [23]. This is in line with a study [24] indicating that more user-friendly multi- 
factor authentication is relatively important; even though very few previous publications focused on user 
evaluation of different objectives, attendance systems have sometimes been developed with security 
mechanisms to prevent impersonation or spoofing have been developed. During the COVID-19 crisis, the 
multi-factor scheme became popular in many systems, depending on QR code identification and face 
verification factors [25]. 

In addition, it’s necessary to specify the responsibilities of each user when granting access. Role-based 
access control (RBAC) allows us to create and restrict our needs’ access to functionality and information. 
System access may be restricted depending on a user's job within the organization using the RBAC technique 
[26]. To be specific, four primary contributions of the paper are summarized as: i) design a secure Multi-Factor 
authentication scheme based on the management and support of large-scale healthcare systems and scalability; 
ii) access to data must be secured and protected in real-time over a public communication channel; iii) the 
registration phase allows authorized administrators and users to access current and future resources based on 
their permissions; iv) perform formal and informal analysis to ensure the security system sturdiness, 
effectiveness, and resistance to common malicious attacks. 


3. PROPOSAL SCHEME 

In this section, we propose the strong authentication of the administrator in the healthcare system 
consist of three components: administrator (ADM), user data entry (U;), the healthcare center (HCC). In 
addition, our work is based on five phases: initialization phase, registration phase, authentication 
(administrator, user) phase, and trust management phase. 


3.1. Initialization phase 

Step1: the administrator (ADM) plays the primary role of managing and accessing control of the components. 
Therefore, he needs to register his information (full name (FN,py), address (AD,py), administrator's identity 
(IDapm), phone number (PNO,py), username (UN,py), password (PW,py)) in the HCC for one time. Then, 
HCC (PWapm = H(PWapm||UNapm)) is computed to preserve the privacy of Admin's identity in an 
anomalous manner. However, HCC uses H(.) as a crypto-hash secure hash algorithm (SHA) 256, where 
hashing considers the core principles of additional security modules and works as one side function. SHA 256 
is a part of the SHA 2 family of algorithms. The significance of the 256 in the name attitudes for the final hash 
digest value, i.e., irrespective of the size of plaintext/cleartext, the hash value will always be 256 bits. 

Step 2: generate public and private keys (Pr4pm, PU,pm ) to encrypt Enc(. )/decrypt Dec(.) based on public- 
key encryption. 

Step 3: HCC generates the shared key (SKypy E Z ) to encrypt Enc(.)/decrypt Dec(.) data based on 
symmetric key encryption counter mode (CTR mode). 

Step 4: HCC stores the IP information of the Internet service provider (HCC;,) for HCC in the database. 


3.2. Registration phase 

Step 1: ADM registers U;'s information (full name (FNy,), address (ADy,), phone no. (PNy,), email (EMy,), 
username (UNy,), password (PWy,)), to HCC. Then, HCC saves PWy, as anomaly method by using 
UN'y, = H(PWy,||UNy,). 

Step 2: generate public and private keys (Pry,, Puy, ) to sign data from the U; to the HCC based on Schnorr 
digital signature as below: 

U; selects two large prims p and q such that: (p — 1) mod q = 0. 

U; chooses g E Zp of order q, g #1& 91 = 1 mod p. 

U; picks xy, € Zq and g*¥imod p. 
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Pry, = Xy, and Puy, = g*¥imod p. 

Step 3: after completing the registration process of P; and determining his health status by HCCpp,, ADM 
uploads F Fp, to C;. 

Step 4: finally, HCC sends (Pugpm, SKapm) to the Uj. 


3.3. Administrator authentication phase 

At this point, the main dialogue will take place between two main components HCC and the administrator 
of the system (ADM). All system privileges are linked by ADM. We notice that ADM can access and manage the 
major processes and system components. Therefore, it is necessary to provide a secure and immunogenic 
authentication phase for ADM as shown in Figure |. The steps below refer to the mechanism of the current phase: 
Step 1: ADM enters his login credentials (UNjpy,PW,pm) and selects r € Z. 
Step 2: ADMcalculatesL = H(UNgpy||PWapm) ® r, and encryptsE, = Encgx , 54 (7): 
Step 3: ADM sends (L, E,.) to HCC. 
Step 4: HCC computes r’ = Decsx,,,,(E,) and retrieves PW,py from database. 
Step 5: HCC calculates L' = PWjpy ® 1’ , and compares L = L’. 
Step 6: If the comparison result is hold, then HCC generates and sends SMS token (SMS) via PNOgpy to ADM. 
Step 7: ADM restores SMS; from HCC by SMS on his PNO,py and enters SMS"; in the dialogue box and 
resubmits to HCC. 
Step 8: HCC compares SMS, + SMS", ; if matches, then ADM is authorized. Then, ADM can fully manage 
the system completely through operations (adding, modifying, deleting data, and decrypting of some data 
stored in the global database based on the Pr4pm) as well as manages the U; and HCCpp,. 
Step 9: HCC computes SK'4pm = SKapm ® r' and saves a new SK',py with each successful login request. To 
make the shared key change dynamically. 


3.4. User authentication phase 
Here, the login information of users (data entry) that is entered with each patient’s data so that they 
can manage their tasks in HCC after their identities according to the following steps: 
Step 1: U; enters his login credentials (UNy,, PWy,) and calculates Uy, = H(UNy,| |[PWy,). 
Step 2: U; computes Vii, = Encpy,py UP device). Next, he sends (Uy, , Viiy) to HCC. 
Step 3: HCC receives the data and compares Up, = UN Up if the result is accurate, go to Step4; otherwise, it 
terminates the current phase. 
Step 4: HCC generates and sends SMS token (SMSry) via PNOy, to Uj. 
Step 5: U; retrieves SMSy, from HCC by SMS on his PNOy, and enters SMS'y, in the dialogue box and 
resubmits to HCC. 
Step 6: HCC compares SMSy, + SMS'y, ; if matches, then U; is authorized. 
Figure 2 Explains the user authentication phase. 


3.5. Role based access control phase 

This phase is responsible for securing the managed operations between HCC and users supervised 
byADM. So, the users need permissions from ADM to apply some operations such as adding, deleting, and 
updating to the EHRs. Therefore, the current phase depends on the positive results (U; and ADM most be 
authorized) of the previous phase as follows: 


Step 1: HCC decrypts Vii, to check whether DeCpripm (Uin) is equal to the stored HC Cip. If so, the login was 


within the health institution. Otherwise, all data sent by U; to the HCC which must be signed because U; has 
been login outside the organization. 

Step 2: U; want to add a new P; data. Firstly, he should be computed Pino = ( FNp,|| ADp,|| PNp,|l EMp,|| FCIp;|| 
TDp,|| UNp,|| PWp,). Secondly, the user side checks his location based on the next steps. 

Step 3: check the location of U;, if it exists inside the health organization, the communication channel is secure 
because he works directly on the HCC. Hence, Step8 will be performed. 

Step 4: if U; is outside the health organization. The communication channel is not secure because he works 
(anywhere/anytime) indirectly on the HCC. 

Step 5: this step works forward secrecy of the data transferred between U; and HCC. In addition to ensuring 
that the attackers do not change it through the digital signature. 

Step 6: at this step, U; should be contributed to the decision making of sending the patient's information to 
HCC. U; performs the following steps: 
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Choose a random integer number ky, € Z% and set ry, = gi. 
Compute ey, = H (ry, || Pingo) and sy, = ky, + Pru, * ey, 
Send Sign Pry, (Pinfo) =< Pingo Sup Cu, > to HCC. 
Step7: upon receiving the data in Step 6, HCC verifies whether the Sign Pru, (Pingo) is valid or not by running 
Verify Puy, (Pin fo» Sup €u;) as follows. 
Set ry = giy i, 
th, = g Kuit Pru; 
TH, = gi 
Compare ey, = H(7%j, || Pingo); if equals, go to Step8; Otherwise, terminate and exit the current phase. 
Step 8: HCC creates EHRp, to the new P; and saves Pinfo in the FHRp,. 
Step 9: sometime, U; Maybe needed to run main operations like delete/modify. Therefore, there are robust 
restrictions that should execute for gaining user's permission to apply operation that can be performed directly 
if the (modification /deletion) process is immediately after the insertion. However, if the modification/deletion 


operations are done after a time, the operations cannot execute proximately. Thus, HCC sends SMS token 
(SMSry) via PNOy, to U; for making secure operations. 


*eU; agg oe eae, 


ADM 


Enter: UNp,. PWp, 

Choose: randomr E Z 

L= H(H(UNp,, PWp;) ($> r) <L, E,> r= Decsx apy (Er) 

En = Enesx apy (7) wr =“ Restore: PWipu from database 
L' = PWapm D r' 
Compare: L' 2 L 


Challenge text by PNO apy network IF: true THEN: 
Change: SK' apy =SKapm Ð r' 


Enter code: SMS'y < <SMSr> Generate: SMS; 
Esus} = Encsx apy(SMSr) 
< Esyst> 


Compare: Encsx 45,,(SMSr) = Esush 


IF: true THEN: 
Authorize: authorized personADM 


Figure 1. Administrator authentication phase 


Computes: (Uş, Uip) 


Uy, = H(UN;,|| PWo,) <U.,.U. > 
Hy? “tip” Ae | 2 1 
Ui, = ENCpugyy, (P device) i” p ç Compare: Up, = UN'y, 
with HCC database IF true 
Challenge text by PNy, network THEN: 
ZSMS. > Generate: SMSry, 
TU; 

Enter code: SMS'ry, eo Send: SMS7y, to PNOy, 
Esus} = ENCpu gyn SMSr) 

<E syst Compare: Decp,.,,,, (Esus) Ż: SMSry, 


IF: true 
THEN: U; is authorized 


Figure 2. User authentication phase 
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4. SECURITY ANALYSIS 
This section evaluates security analysis of the proposed scheme in terms of formal and informal 
security analysis as the follows: 


4.1. Formal security analysis 

As the internet and other open networks have grown in popularity, many security tools have been 
created and used to ensure safe communication for the proposed system. Scyther is a tool for evaluating the 
security and vulnerabilities of schemes. Two steps explain the working of the tool. Scyther is guaranteed to 
finish in the first step while enabling an indefinite number of sessions to establish protocol soundness. The 
option is to produce the proof tree (using the backend). The second step, Scyther, aids graphical user interface 
analysis by offering attack behavior classes [26]. Any proposed scheme should be expressed in the security 
protocol description language (SPDL), which specifies protocols and schemes and supports expressions for 
encryption, decryption, and signature, as well for sending and receiving events [27]. We write the proposed 
scheme using SPDL language and display the results in the cases of automatic claim and verification claim. 
We perform the proposed system without using security functions that work in the same traditional systems. 
We note that Figure 3 refers to the traditional system and its weakness. 

This paper, proposed the idea a secure system that has overcome the weakness of traditional systems 
using symmetric key encryption (), crypto-hash function. Figure 4 show the proposed system's result resisting 
well-known malicious attacks. 


4.2. Informal security analysis 

As stated in the CK threat model, previous papers over the last ten years have denoted that in the 
related work section, a security proof suffers from an inadequate security model that does not succeed in 
detecting all the genuine capabilities of an attacker. Therefore, according to the CK threat model, we prove the 
security of a proposed system as follows. 


4.2.1. Mutual authentication 

We use this feature among main components (HCC and ADM,HCC and U;). Our work focuses on 
multi-privilege authentication associated with the messages: 1) from HCC and to ADM and vice versa; 2) from 
HCC to U; and vice versa. Here, ADM considers the highest privilege while managing all components of the 
healthcare system, including U;, C; and others. ADM requires to be original by HCC based on (L, E,, VC), 
which is a message from ADM to HCC. HCC in the proposed system could authenticate only the legal ADM 
because a CK adversary needs to guess the login information (UN,py,PWapy,r ) and compute 
L = H(UNgpm||PWapm)||r, and the adversary must know the ADM’s shared-key to encrypt r using 
E, = Encsx ,py("). Here, HCC can be considered a trusted party. 

Although the adversary faces difficulty to obtain (UNapy,PWapy,1, SKapm) as the first step to login 
HCC. Therefore, we assume the adversary can obtain (UNapy,PWapy,1, SKapm) and login as an administrator 
ADM". Hence, ADM must be trusted by HCC based on (SMS TOKEN), and also the login information must be 
correct, HCC decrypts r’ = Decsx,,,,(E,) and gets PW,py with the ADM’s information is stored in the 
system database then compares L to (PWipy||r'); if so, HCC generates and sends SMS token (SMS;) via 
PNOapm to ADM, ADM' fails to receive SMS; from HCC by SMS because he does not have ADM’s device 
phone number PNO,py. After that, HCC terminates the authentication phase. In case ADM is legitimate; he 
enters SMS", in the dialogue box and computes VC = ENCsxK apm (SMS',) and then send it back it to HCC. 
Finally, HCC compares Encgx ,)4(SMSr) + VC; if matches, then ADM is the authorized. 


4.2.2. Session key agreement 

The session key is used to create a protected communication channel between ADM and HCC to 
support secrecy on data. They agree on a once session key SKapy =SKapm ©@ r after responsive authentication. 
It is unattainable for CK adversary to obtain any information of SK,py based on r. 


4.2.3. Perfect forward secrecy 

we note this feature that proves guarantees that an adversary fails to compromise the session keys. 
The proposed system uses dynamic authentication credentials based on (SKypy, r, SMSr), which continue 
evolving in sessions to achieve perfect forward secrecy. Herne, assume an adversary has the ability to obtain 
SKapm, the adversary still unable to obtain L = H(H(UNgpy||PWapm) ® r). The reason is that after each 
successful session, the values SKypy, r and SMSņr generate once using crypto hash function. Therefore, the 
proposed system enjoys this feature. 
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B seytrer ADM-HCE attack spat 
File Verify Help 
Protocol descrmtion semings 


1 usertype HUN,HPW,SMSadm,SMShcc; //define username and password 
2 secret SK:Function; //define shared key 
3 protocol AdminAuth(ADM,HCC) 
4{ 
5 role ADM 
6 { 
7 send_1(ADM,HCC,HUN,HPW); 
8 recv_2(HCC,ADM,SMShcc); 
9 send_3(ADM,HCC,SMSadm); 
10 claim_ADM1(ADM, Secret,SMShcc); 
11 claim_ADM2(ADM, Secret, HUN); 
12 claim_ADM3(ADM, Secret, HPW); 
13 } 
14 role HCC 
15 { 
16 recv_1(ADM,HCC,HUN,HPW); 
7 send_2(HCC,ADM,SMShcc); 
18 recv_3(ADM,HCC,SMSadm); 
19 match(SMShcc,SMSadm); 
20 claim_HCC1(HCC,Secret,SMSadm); 
21 claim_HCC2(HCC,Secret,HUN); 
22 claim_HCC3(HCC,Secret,HPW); 
23 } 
24) 
Attack for claim AdminAuth, HCC3 æ X 


SK (Bob) 


[Id 3] Protocol AdminAuth, role HCC, claim type Secret 


Figure 3. Traditional system 
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EI Scyther: ADM-HCC.spdl 
File Verify Help 
Protocol description Settings 
1 usertype UNPW,r; 
2 hashfunction hash; // hash function 


3 secret SK:Function; // semetric key E Scyther results: autoverify 
4 protocol AdminAuth(ADM,HCC) 
5{ 
6 role ADM 
y { 
8 const SMS; 
9 send_1(ADM,HCC,(hash(hash(UNPW),r), {'SK(ADM))); 
10 recv_2(HCC,ADM,SMS); 
11 send_3(ADM,HCC, {SMS}SK(ADM)); 
12 claim_ADM2(ADM, Secret,r); 
13 claim_ADM3(ADM, Secret, UNPW); 


14 } 
15 role HCC 
16 { 


17 const SMS; 
18 recv_1(ADM,HCC,(hash(hash(UNPW),n), {r}SK(ADM))); 
19 send_2(HCC,ADM,SMS); 
20 recv_3(ADM,HCC,{SMS}SK(ADM)); 
21 claim_HCC1(HCC,Secret,SMS); 
22 claim_HCC2(HCC,Secret,r); 
23 claim_HCC3(HCC,Secret,UNPW); 
24 } 
25} 
' ther: ADM-»0 
le Veify Helo 
Pistocol douripton Settings 
1 usertype UNPW,r; 


2 hashfunction hash; // hash function 
3 secret SK-Function; // semetric key 


4 protocol AdminAuth(ADM,HCO) 

51 

6 role ADM 

A (Ct 

8 const SMS; 

9 send 1(ADM,HCC,(hash(hash(UNPW),1), (SK(ADM))); 
10 recv_?(HCC ADM, SMS); 
11 send_3(ADM,HCC, {SMS}SK(ADM)); 
12 claim_ADM2(ADM Secret); 
13 claim_ADM3(ADM,SecreLUNPW); 
14 } 
15 role HCC 
16 ( 
17 const SMS; 
18 fecy_1(ADM,HCC,(hashihash(UNPW),F), [SK(ADM))); 
19 send_2(HCC.ADM,SMS); 
20 recy_3(ADM,HCC,{SMS}SK(ADM)); 
21 claim HCC1HCCG Secret SMS); 
22 claim_HCC2{HCC Secret,r); 
23 claim_HCC3(HCC Secret UNPW); 
24 H 
25) 


Figure 4. Verification system and verification auto system 


4.2.4. Attack resistance 

We could argue that any attack is positive if a CK adversary locates any technique to run several 
malicious attacks, such as impersonation, man-in-the-middle (MITM), replay, and insider. Most of all, an 
impersonation attack has a direct relationship with mutual authentication; the adversary needs to know the first- 
factor message (L, E,) to masquerade as ADM and the challenge message (SMSr) to pretence as HCC, 
respectively. Conversely, these messages are linked to the knowledge of login information. So, the proposed 
system could prevent impersonation attacks. Additionally, the MITM attack works in the same manner as active 
eavesdropping; the adversary constructs autonomous connections with the components of the network and 
dispatches messages between them to make them trust they are communicating directly to each other but 
actually, the adversary organizes this communication. Here, we denoted the mutual authentication provision, 
the shared key (SK4pm) associated information to only registered ADM and HCC. In the CK model, the session 
key of the system is necessary not to be compromised even in the case of temporary secret leakage. 

Our work, the brief secrets are r and SMSy. An adversary fails to obtain both UNypy and PWapy to 
calculate L because these useful parameters (UNapy ,PWapm) generate once for each login request. Assume 
that an adversary has access to the short-lived random number r and login information to compute L and get 
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SKapm key, but the adversary cannot have PNO,py to receive the SMS; From HCC as shown in Figure 4. 
Therefore, our proposed system resists MITM, dictionary, impersonate, replay, sniffing, hijacking, and 
eavesdropping attacks because an adversary cannot access any benefits from exchanged parameters between 
ADM and HCC. So, an adversary fails to apply an insider attack because the SMS, connects with the legal- 
administrator’s phone number (PNO,py). Finally, DoS adds to the list of resisting attacks by the proposed 
system using timestamps for exchanging information. 


4.2.5. Anonymity 

An adversary faces difficulty to reveal the user’s identity/password using CK adversary’s perspective. 
Currently, it is obligatory to check the identity of login information transmitted among system components to 
reflect anonymity. We notice that all information in HCC saved using SHA-256 hash function 
H(PW,pm||UNapy), Which has a strong relationship with the identity of entities. To do so, the adversary should 
know break SHA-256, which is not feasible. Therefore, the proposed system provides anonymity. 


4.2.6. Unlinkability 

This feature focuses on preventing HCC from detecting ADM that has logged previously or not. We 
applied to feature in the proposed system by changing the values (SKypy, r, PWapm) each time ADM attempts 
to login. Consequently, HCC cannot link different logins with the same ADM. 


4.2.7. Role-based access control 

RBAC regulates access based on users' roles in the system and the rules that govern what access is 
granted to which users in which roles. In this paper, the users need permissions from ADM to apply some 
operations such as add, delete, update on EHRs. Here, U; needs permission from ADM to delete, update or add 
new information on the EHR. The following steps describe the mechanism of gain role in more potential to 
U; for apply some operation. The operation can be performed directly if the (modification /deletion) process is 
immediately after the insertion. However, if the modification/deletion operations are done after a time, the 
operations cannot be executed proximately. So, HCC sends SMS token (SMSry) via PNOy, to U; for 
promoting him to a higher role. Then, U; can apply operations when he uses SMSry as a code verification and 
gains permission for a limited time. 

The results have confirmed the correctness of our proposed scheme in a realistic simulated 
environment. The authentication process was done secure and automatically for each factor. Thus, each user's 
time to check-in was short and depended only on the OTP. The first two-factor (something you know and have) 
authentication process is automatic and works in the smart factor principle. The second process using OTP data 
(something you have) takes approximately the speed of reading and input data to verify the user. This user- 
friendly scenario encourages employees to use it since they only feel authenticated by OTP verification. The 
other two factors are automatically authenticated instead of existing systems requiring several actions from the 
user. In terms of attempts to spoof, the results above show the possibility of spoofing one factor. Still, it takes 
too much effort to spoof all factors in a real situation. So, the proposed system has many good features such as 
location authentication factor “something you where” using ISP-IP, RBAC that depends on distributing the 
privilege among system’s components. The summarised results are presented in Table 1. Our scheme 
implements multi-factor security to ensure that leaking data of all factors does not occur. Our work 
distinguishes to achieve all features in the Table 2 compared with other related work. 


Table 1. The experiment's overall findings 


Results Factors/attributes 
Something you know (username/ password) (F1) 100% accurate (like to our healthcare management system) 
Something you have (smart device) (F2) 100% accurate (the user’s device is used to register in the system, and other users 


cannot register from the same device; as well as, we add the user’s phone number 
to use as a second factor to receive SMS) 


Something you where (location) (F3) 100% accurate (when users whishes to work from outside the healthcare center, 
the transferred data should be protected by adding extra factor depending on ISP- 
IP) 

Attempt for spoofing (F4) The spoofing attack is possible to apply in any system, and it relies on the security 


sturdiness of authentication factors. On our practical side, the adversary can still 
not access the target’s OTP crypto hash unless the victimized user willingly 
specifies it. Moreover, the adversary still needs to obtain extra information about 
other factors and gain the victim’s device. Today, users feel reluctant to lend their 
mobile devices, even for a short time. 
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Table 2. Demonstrates the main comparison between our work and related works 


Schemes/systems Number of factors Security Accuracy ISP IP Verification Formal Verification 
[27 2 (F1, F2) Medium Medium No No 
[18 2 (F1, F2) Medium Medium No No 
[20 2 (F2, F3) Medium Medium No No 
[17 3 (F1, F2, F4) Medium Medium No No 
[28 2 (F1, F2 or F2, F3) Medium Medium No No 
[13 3 (F1, F2, F3) High High No No 
[11 3 (F1, F2, F3) High High No No 
[14 3 (F1, F2, F3) High High No No 
[29 2 (F2, F3) Medium High No No 
[30 2 (F2, F3) Medium High No No 
[31 1 (F4) N\A High No No 
The proposed system 4 (F1, F2, F3, F4) High High Yes Yes 


One of the essential features of the proposed work is determining location via IP address (ISP IP 
Verification), which compares the user's IP address with the IP of the health server to determine whether the 
person works from inside or outside the health institution. Since operating from outside, the institution is more 
vulnerable to malicious attacks, as the data goes through the Internet, we should secure the data (encryption 
and digital signature) before sending it by the user’s device to the HCC. Finally, the proposed scheme achieves 
four factors (F1, F2, F3, and F4) that reflect high accuracy and security compared with other previous works. 


5. CONCLUSION 

Security and privacy concerns are key roadblocks to large-scale healthcare system implementations. 
The authentication represents the core of this type of system. According to past studies, there are essentially 
no robust authentication schemes fit for this type of system. We propose a reliable, secure, and scalable multi- 
factor anonymous authentication technique as a first step in the right direction and follows by the second step 
focused on gaining privileges to all components of E-health system based on role for each one. The proposed 
scheme allows a legal component user/administrator to mutually authenticate with a healthcare center (cloud 
server) by using multi-factor technique such as OTP, SMS-token, ISP IP verification, and secure key 
management. Additionally, our work has good matrices like anonymity, unlinkability, and attack resistance. In 
the future, the security of the proposed scheme is explicitly demonstrated using the well-established Scyther 
tool and security analysis. 
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